Lucene search
K

157 matches found

OSV
OSV
added 4 days ago12 views

BIT-PYTHON-MIN-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

7.1CVSS7.1AI score0.0029EPSS
Exploits0References58
Oracle linux
Oracle linux
added 2026/06/29 12:0 a.m.5 views

python security update

2.7.5-94.0.9 - Fix for CVE-2026-4786 Orabug: 39418723 2.7.5-94.0.7 - Fix for CVE-2026-4519 Orabug: 39243798 2.7.5-94.0.5 - Fix for CVE-2025-15366 and CVE-2025-15367 Orabug: 39114639 2.7.5-94.0.3 - Fix for CVE-2025-12084 Orabug: 38902314...

7.1CVSS5.8AI score0.0029EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.10 views

Oracle Linux 9 : python3.9 (ELSA-2026-18693)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18693 advisory. - Security fixes for CVE-2026-4786 and CVE-2026-6100 Resolves: RHEL-167919, RHEL-168161 - Security fix for CVE-2026-4519 Resolves: RHEL-158117 Tenable has...

9.1CVSS7AI score0.00579EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.4 views

Oracle Linux 9 : python3.14 (ELSA-2026-19176)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19176 advisory. - Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-5713, CVE-2026-6100 Resolves: RHEL-167918, RHEL-168160 - Security fixes for CVE-2026-2297,...

9.1CVSS7AI score0.00621EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/06/16 7:53 a.m.7 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS6.5AI score0.00308EPSS
Exploits0References7
OSV
OSV
added 2026/06/15 3:21 p.m.3 views

ROOT-OS-DEBIAN-12-CVE-2026-4519 CVE-2026-4519 in rootio-python3.11 - Patched by Root

Root has patched CVE-2026-4519 in the rootio-python3.11 package for Root:Debian:12. Multiple fixed versions available...

3.3CVSS5.9AI score0.00308EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/01 1:40 a.m.21 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS7.3AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/28 7:32 a.m.15 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS7AI score0.00308EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.12 views

RockyLinux 8 : python3 (RLSA-2026:6473)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:6473 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly fro...

7.1CVSS6.8AI score0.00308EPSS
Exploits0References3
OSV
OSV
added 2026/05/21 4:24 p.m.11 views

RLSA-2026:6473 Important: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/05/21 4:24 p.m.15 views

python3 security update

An update is available for python3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming language,...

7.1CVSS5.8AI score0.00308EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/05/20 10:23 a.m.12 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS7AI score0.00308EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.22 views

Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2026-1638)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1638 advisory. Mitgation of CVE-2026-4519 was incomplete. If the URL contained %action the mitigation could be bypassed for certain browser types the webbrowser.open API could have commands injected into the...

9.1CVSS6AI score0.00579EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/19 7:1 p.m.11 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS7AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/19 6:28 p.m.14 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS7AI score0.00308EPSS
Exploits0References7
AlmaLinux
AlmaLinux
added 2026/05/19 12:0 a.m.23 views

Important: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

9.1CVSS7.3AI score0.00579EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.18 views

Amazon Linux 2 : python3, --advisory ALAS2-2026-3281 (ALAS-2026-3281)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3281 advisory. Mitgation of CVE-2026-4519 was incomplete. If the URL contained %action the mitigation could be bypassed for certain...

9.1CVSS5.8AI score0.00579EPSS
Exploits0References6
Amazon
Amazon
added 2026/05/14 12:0 a.m.17 views

Important: python3

Issue Overview: Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details. CVE-2026-4786 Use-after-free UAF wa...

9.1CVSS7.5AI score0.00579EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/05/07 5:25 a.m.13 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS6AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/07 4:55 a.m.17 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS6AI score0.00308EPSS
Exploits0References7
Rows per page
Query Builder